Cyberwar: “Do as I say, not as I do” shall be the whole of the law.

Summary: Much of the hoopla about the possible involvement of foreign intelligence in digital certificate-forging is probably foreign governments wishing they had the level of access to citizen data that ours does (and we won’t share). The second in a series by guest author Marcus J. Ranum discussing cyberwar — perhaps one of the major forms of war in the 21st century.

Article about VeriSign (“Trust is the Foundation of Every Human Relationship”): “VeriSign sells digital certification services and runs the Internet registry, thus is well prepared to sell private information on its all-too-trusting customers and to assist ISPs and wireless providers in the business of betrayal, though it is hardly alone in spying boomtime.”

AN ALARM blares in the cockpit mid flight, warning the pilot of an imminent collision. The pilot checks his tracking display, sees an incoming aircraft and sends the plane into a dive. That only takes it into another crowded air lane, however, where it collides with a different plane. Investigators later discover that the pilot was running from a “ghost” – a phantom aircraft created by a hacker intent on wreaking havoc in the skies.

It’s a fictional scenario, but US air force analysts warn that it could be played out if hackers exploit security holes in an increasingly common air traffic control technology.

At issue is a technology called Automatic Dependent Surveillance – Broadcast (ADS-B), which the International Civil Aviation Organisation certified for use in 2002. Gradually being deployed worldwide, ADS-B improves upon the radar-based systems that air traffic controllers and pilots rely on to find out the location and velocity of aircraft in their vicinity. …

The problem with the article is that it doesn’t show any kind of sensible understanding of security. Which makes me (always) suspicious. They are worried that someone could degrade the signals with a jammer near the tower? Sure, but you could also degrade the signals with a .22 rifle by just shooting a few holes in the cables leading to the antenna. Virtually all of our infrastructure is vulnerable to simple and effective rifle-based attacks and, because of how the infrastructure is distributed, it’s impossible to protect it. (Imagine how much damage 3 guys in 3 pickup trucks with 3 .300 win/mag rifles and scopes could do to a local power grid if they simply drove around shooting holes in transformers?) Yeah… and (unlike in a “cyber” attack) the damage would be costly to repair and there’s always the question of a lurking rifleman…

Also, the stuff about the communications being in the clear is – interesting but sort of bogus. The problem with crypto is that it only solves a fairly limited set of problems and they aren’t the kind of problems that an air traffic control system has. For an ATC system you need to be able to allow a “complete stranger” to participate in the communications, without having to exchange complex crypto keys first. Otherwise, there is hardly any point in having one! So you could build a digital certificate system and “sign” the outbound messages, but then the receivers would have to be pre-introduced into the system OR they would have the same problem as SSL, that they trusted anything that came in with a specific certificate, etc., ad nauseam.

This stuff is _hard_ and when I read a scary scary article that treats it as if it’s easy, I immediately smell a rat or a hidden agenda. There are a lot of “security researchers” that like to point out holes in stuff as a lead-in to getting fat consultant $$ fixing the holes. This article makes my spider-senses tingle.